On 10/02/2026 14:00, Sandro Bonazzola wrote:
> Good Morning Everyone,
>
> I would like to raise the topic of enforcing 2FA on the entire CentOS/virt
> namespace on gitlab: https://gitlab.com/CentOS/virt <https://gitlab.com/
> CentOS/virt>
>
> This is something I can do, but before I click the button I'd like to
> ask: is
> anyone opposed to this?
> If not, I'll switch the configuration next week.
>
> Thanks in advance for your thoughts!
>
> --
>
> Sandro Bonazzola
>

Hi Sandro,

I think it's a good practice and wanted to raise it with CentOS Board
eventually for the whole gitlab.com/CentOS/ group/namespace
What is also needed, and it goes further than just 2FA, would be to
ensuring that all people using gitlab *are* also coming from SSO (so
Fedora/CentOS Account) and so through saml auth, and not just "direct"
gitlab users having rights

It recently was an issue on some other SIGs are SIG owners forgot the
rule and started to grant access to individuals, rather than through FAS
  groups and so defeating the purpose

So can you eventually review members that are either
managers/owners/developers in Virt SIG, not coming through SSO (so no
SAML label) and so no 2FA label either, and contact them to announce the
plan ?

See
https://gitlab.com/groups/CentOS/virt/-/group_members?sort=access_level_desc

What I don't see listed is Jean-Louis, working on oVirt and not even
listed there, so wondering from where he rebuilds ovirt pkgs if nothing
is stored on gitlab ?

--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | @arrfab[@fosstodon.org]